CVE-2021-41773

Published: 05/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 577
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete; see CVE-2021-42013.

Vulnerable Products

apache http server 2.4.49

fedoraproject fedora 34

fedoraproject fedora 35

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

netapp cloud backup -

Mailing Lists

Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability ...
This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced ...
This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit ...
Hi Yann, Re [1], I think this: "critical: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773 <cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773>)" is still misleading and should read: "critical: Path traversal and *Remote Code Execution* vulnerability in Apache HTTP Server 2.4.49  ...
Hi oss-security folks, Closing the loop on this one. Will Dormann, Hacker Fantastic and I successfully managed to turn this into RCE on both Windows and Linux. With mod_cgi (and maybe other similar extensions) enabled, Will showed he could get calc to pop on Windows and HF and I subsequently figured out how to trigger the bug on Linux to reach / ...
Severity: critical. Description: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration " ...
On Sat, Oct 9, 2021 at 8:00 PM Roman Medina-Heigl Hernandez <roman () rs-labs com> wrote: I appreciate this nuance in your tweets. For completeness :) I'll note that most configs (default, vendors, distros) are not vulnerable to the RCE. The removal of "<Directory/> require all denied" is an exploit httpd can do nothing about. httpd p ...
Thanks Yann, I'm happy you agree with my analysis. It also seems to match the one by your colleague Stefan (that you referenced). I just wanted to clarify that the impact of both CVEs is exactly the same: RCE and/or arbitrary file read and/or none, depending on httpd config :-) There's no difference between Apache 2.4.49 and 2.4.50 in that regard ...
Hi, I posted RCE exploit for this (it works for both CVEs: 41773 & 42013) and some other details regarding requirements / exploitability, which you may find useful at: twitter.com/roman_soft/status/1446252280597078024 Excerpt (for the sake of ml-archive): RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-4201 ...
On Fri, Oct 08, 2021 at 08:37:33PM +0200, Yann Ylavic wrote: Yann is probably referring to the full tweet thread by Roman, not just the one tweet that Roman posted in here. Let me correct that: --- Román Medina-Heigl Hernández @roman_soft RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013): root@CT406:~# curl 'htt ...

Metasploit Modules

Apache 2.4.49/2.4.50 Traversal RCE scanner

This module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

msf > use auxiliary/scanner/http/apache_normalize_path
msf auxiliary(apache_normalize_path) > show actions
    ...actions...
msf auxiliary(apache_normalize_path) > set ACTION < action-name >
msf auxiliary(apache_normalize_path) > show options
    ...show and set options...
msf auxiliary(apache_normalize_path) > run

Apache 2.4.49/2.4.50 Traversal RCE

This module exploits an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

msf > use exploit/multi/http/apache_normalize_path_rce
msf exploit(apache_normalize_path_rce) > show targets
    ...targets...
msf exploit(apache_normalize_path_rce) > set TARGET < target-id >
msf exploit(apache_normalize_path_rce) > show options
    ...show and set options...
msf exploit(apache_normalize_path_rce) > exploit

Github Repositories

CVE-2021-41773 I have developed a POC of CVE-2021-41773, RCE + cgi-bin path traversal. NOTE: TESTED ON APACHE2 2.4.49. You can pull the vulnerable Apache2 2.4.49 directly from Docker $ sudo docker pull blueteamsteve/cve-2021-41773:no-cgid $ sudo docker run -dit -p 80:80 blueteamsteve/cve-2021-41773:no-cgid localhost:80 path traversal RCE

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) Info A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all

mass_cve-2021-41773 MASS CVE-2021-41773 Screenshot Usage ! python3 -m pip install requests python3 cve-2021-41773.py urlist.txt pool Note ! results will be automatically saved in vuln.txt u can add a common dir on github.com/i6c/MASS_CVE-2021-41773/blob/main/cve-2021-41773.py#L51 References www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apa

A Python script to check if an Apache web server is vulnerable to CVE-2021-41773

CVE-2021-41773 scanner This script tests for the path traversal and local file inclusion vulnerability in Apache version 2.4.29; this script doesn't return local files, it merely scans the web server and tells you if it's vulnerable or not. Usage: python3 cve-2021-41773-scanner.py IPv4 address

cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49

Apache 2.4.49 - Path Traversal or Remote Code Execution cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49. Vulnerable instance of Docker is provided to get your hands dirty on CVE-2021-41773. If CGI-BIN is enabled then, we can perform Remote Code Execution but not Path Traversal, so "icons

Vulnerable configuration Apache HTTP Server version 2.4.49

CVE-2021-41773 Vulnerable service Installation Several options: 1. Docker container: docker run -d -p 8080:80 12345qwert123456/apache_2_4_49_cve-2021-41773 2. Dockerfile: git clone github.com/12345qwert123456/CVE-2021-41773.git cd CVE-2021-41773-Vulnerable-service/2.4.49 docker build -t apache_2_4_49_cve-2021-41773 . docker run -d

CVE-2021-41773 (Apache httpd only 2.4.49) For educational purposes only. See Reference for the details. Run $ git clone github.com/masahiro331/CVE-2021-41773.git $ cd CVE-2021-41773 $ docker build -t cve-2021-41773 . $ docker run -d -p 8080:80 cve-2021-41773 Exploit # This vulnerability affects the use of Alias $ curl loca

Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)

CVE-2021-41773 Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) For educational purposes only. Test: Set up the PoC environment $ docker build -t cve-2021-41773 . $ docker run --rm -dit -p 8000:80 cve-2021-41773 Confirm it works $ curl localhost:8000 <html><body><h1>It works!

Vulnerable docker images for CVE-2021-41773 Apache path traversal. This vulnerability only applies to version 2.4.49 that have specific non-default configs. In certain situations this can result in either file read or code execution. twitter.com/ptswarm/status/1445376079548624899 Vulnerable file read config: Containers can be pulled directly from Docker Hub using docker

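Reproduction of CVE-2021-41773

CVE-2021-41773 reproduction www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited A vulnerability unique to Apache v2.4.49: earlier versions did not have the ap_normalize_path function, which was introduced in v2.4.49, and it is this function that causes the directory traversal; it was fixed in v2.4.50. Environment github.com/1nhann/CVE-2021-41773 This environment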

CVE-2021-41773

CVE-2021-41773-nse By George Labrin (@creadpag) Checks if Server is vulnerable to Apache 2.4.49 CVE-2021-41773 POC Open your favorite Terminal and run these commands. Use NMAP First Tab: mv cve-2021-41773.nse /usr/share/nmap/scripts/ Second Tab: sudo nmap -Pn --script=cve-2021-41773.nse XXXX -p X

Cve-2021-41773-grabber Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. This script grabs vulnerable servers for CVE-2021-41773 from Shodan. How to use: use Python 3, install the shodan module ("pip install shodan"), change the keyword in the script to your Shodan keyword, need your Shodan API key, run: python3 apache.py [count of output]

CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.

cve-2021-41773 CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49 RCE POC PoC Payload curl -s --path-as-is ":[PORT]/icons/%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd curl -s --path-as-is --data "echo;Command" "[IP]:[PORT]/cgi-bin/%2e/%2e%2e/%2e%2e/bin/sh

CVE-2021-41773 - Apache HTTP Server 2.4.49 How to run the CVE-2021-41773 Path Traversal lab: Install and run Docker on your PC/laptop. Clone this GitHub repo. Go to the Path Traversal folder. Enter the following commands: docker build -t cve-2021-41773-path-traversal . and docker run --rm -dit -p 8888:80 cve-2021-41773-path-traversal Access it using a browser by

A little demonstration of cve-2021-41773 on httpd docker containers

CVE-2021-41773 A Demonstration to show the CVE-2021-41773 vulnerability on a docker container. Usage Server: run build.sh (runs docker build) ./scripts/build.sh NOTE: No need to do it more than once. run deploy.sh (creates a docker container with the image from build.sh) ./scripts/deploy.sh to clos

CVE-2021-41773

CVE-2021-41773 Hello guys, yesterday the new CVE-2021-41773 for Apache 2.4.49 version is released. So in this case, I want to explain about this Apache vulnerability. Playground So, I think you guys want to test this vulnerability in website. So I have a playground place for you guys. This is the website to download docker image of example Apache 2.4.49 Docker Image Note: there

CVE-2021-41773 apache http server vulnerability (only works 2.4.49) requirement settings httpd.conf <IfModule mpm_prefork_module> LoadModule cgi_module modules/mod_cgi.so # uncomment this line </IfModule> <Directory /> AllowOverride none # Require all denied # comment out this line or set `Require all granted` </D

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 Usage python3 apache2-4-49.py -h python3 apache2-4-49.py --check --single example.com Reference www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited nvd.nist.gov/vuln/detail/CVE-2021-41773

CVE-2021-41773-PoC PoC for CVE-2021-41773 with docker to demonstrate. Run: Just run ./poc.sh Make sure you have working docker and docker-compose $ ./poc.sh Creating network "cve-2021-41773-poc_default" with the default driver Creating cve-2021-41773-poc_web_1 done root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/u

An automatic scanner for Apache 2.4.49

Scanner-CVE-2021-41773 An automatic scanner for Apache 2.4.49 • run: go run main.go OR go build main.go && ./main • you can customize your payload • vulnerable hosts are saved Make your lab: 1. Pull Image: sudo docker pull blueteamsteve/cve-2021-41773:no-cgid 2. Run Image: sudo docker run -dit -p 8080:80 blueteamsteve/cve-2021-41773:no-cgid 3. E

MASS CVE-2021-41773

mass_cve-2021-41773 MASS CVE-2021-41773 Screenshot Usage ! python3 -m pip install requests python3 cve-2021-41773.py urlist.txt pool Note ! results will be automatically saved in vuln.txt u can add a common dir on mass_cve-2021-41773/cve-2021-41773.py Line 49 in 4579bdb common_dir

CVE-2021-41773 Grabber

Apachuk - CVE-2021-41773 Grabber with Shodan. Grabber Apache Directory traversal with Shodan. Rewrite code from: github.com/mohwahyudi/cve-2021-41773 How To Use: pip3 install requirements.txt python3 main.py -a [Shodan Api Key] -k [Keyword for shodan] Shodan API Key? Login / Register to get your Shodan API Key on account.shodan.io/ Example python3 main.py -a

CVE-2021-41773 This is the deployment for Apache 2.4.49 which associates with CVE-2021-41773 using Docker container. Description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directorie

Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)

CVE-2021-41773|CVE-2021-42013: Path Traversal Zero-Day in Apache HTTP Server Exploited. On October 5, the Apache HTTP Server Project patched CVE-2021-41773, a path traversal and file disclosure vulnerability in Apache HTTP Server, an open-source web server for Unix and Windows that is among the most widely used web servers. According to the security advisory, CVE-2021-41773 has

CVE-2021-41773 Usage [+] python ./exploit.py [-OPTIONS] [Target/List of Targets] [+] -h : help [+] -url <target>: specify the target to check [+] -list <filename>: Scan multiple targets Example -h: help -url: url -list: path to file

🚩 CTF Zup 2021/2 Write up 2# This document contains all my answers (step by step) and the tools used to solve the challenges of CTF Zup 2021/2 (second semester). Categories Android Android1 Android3 Android4 Android5 Android6 Cloud Security Leak Bucket Misc Conversa estranho Se FOR fácil, eu MATO! Packet Reverse Eng

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773) A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49-2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of

CVE-2021-41773 Apache2 2.4.49 - LFI & RCE Exploit Info # Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) # Exploit Author: Gaurav Raj gauravraj.xyz blog.gauravraj.xyz # Vendor Homepage: apache.org/ # Version: 2.4.49 # Tested on: 2.4.49 # CVE : CVE-2021-41773

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

CVE-2021-41773 Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Mass exploitation CVE-2021-41773 and auto detect possible RCE

CVE-2021-41773 Mass exploitation CVE-2021-41773 and auto detect possible RCE

Writeups for the SIGFLAG CTF

sigflag CTF 2022 Hardware SPI Flash Easy: SIG{I_READ_THE_INTRO} SPI Flash S01 $ strings flash.bin | rg SIG SIGFLAGMEM FAT16 SIGFLAGMEM SIG{S01_FAT_boy_cannot_find_me} eSIG SIG{S01_FAT_boy_cannot_find_me} SPI Flash S02 We can mount the filesystem: $ sudo mount flash.bin /mnt/test $ exa -alh /mnt/test Permissions Size User Date Modifi

apache_path_traversal This is a PoC for the directory traversal apache vulnerability CVE-2021-41773 that supports multiple hosts. Usage: python3 poc_CVE-2021-41773.py hosts.txt

CVE-2021-41773

Custom made cve exploits

CVE-2021-41773.py Apache 2.4.49 Path Traversal

Exploit for path traversal vulnerability in apache

Exploit for Apache2 Exploit for path traversal vulnerability in apache Version: 2.4.49 CVE: CVE-2021-41773 Pull docker image: docker pull httpd:2.4.49-alpine Configure apache: In /usr/local/apache2/conf/httpd.conf replace these entries <Directory /> AllowOverride none - Require all denied + #Require all denied

CVE-2021-41773 vulnerable apache version 2.4.49 lab set-up.

apache2449VulnerableLabSetup CVE-2021-41773, Apache HTTP Server 2.4.49 is vulnerable to Path Traversal and Remote Code execution attacks. This repo is to simulate the vulnerability

CVE-2021-41773 🐛 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual

This is a simple POC for Apache/2.4.49 Path Traversal Vulnerability

CVE-2021-41773 This is a simple poc for Apache Path Traversal Vulnerability. Vulnerable versions: Apache/2.4.49 Apache/2.4.50 with mod_cgi disabled

Unix v7 UUCP had a bug in the chkpth() code

The 1978 UNIX v7 UUCP chkpth() bug. Unix v7 UUCP had a bug in the chkpth() code. The bug in UUCP is from way-way-back in the late 70's and early 80's and was within the original UUCP code included in Unix v7 and its newer derived versions. CVE-2021-41773 The bug lives on in Apache and the recent CVE-2021-41773 (CVE == Common Vulnerabilities and Exposures) It

cve-2021-41773 Run the server $ docker build -t cve-2021-41773 . $ docker run --rm -d -p 80:80 cve-2021-41773 Exploit curl --data "echo;id" 'localhost/cgi-bin/%2e/%2e/%2e/%2e/etc/passwd' Cause: A configuration error in the httpd.conf file combined with path traversal => RCE

CVE-2021-41773 Gaurav Raj's exploit modified by Plunder

CVE-2021-41773 ( Apache / 2.4.49 ) CVE-2021-41773 exploit by Gaurav Jav modified by Plunder in order to use custom exploit. Usage: $ py exploit.py -h usage: exploit.py [-h] -t TARGET [-b BINARY] Apache2 2.4.49 Exploit options: -h, --help show this help message and exit -t TARGET, --target TARGET Specify the

CVE-2021-41773 Docker $ sudo docker build -t <image_name> . $ sudo docker run -d -t -p 80:80 --name <container_name> <image_name> /bin/bash $ sudo docker exec -it <container_name> /bin/apachectl -k restart To access docker container for custom config file $ docker exec -it <c

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url. Usage: create a live urls file and use the flag "-l" python3 apache_path_traversal.py -l urls-list.txt

Apache 2.4.49 Path Traversal Vulnerability Checker

CVE-2021-41773 Apache 2.4.49 Path Traversal Vulnerability Checker Example Platform Linux & Windows

CVE-2021-41773 Shodan scanner

CVE-2021-41773 Shodan scanner CVE-2021-41773 Shodan scanner via multithread Python script. Usage: git clone github.com/anldori/CVE-2021-41773-Scanner cd CVE-2021-41773-Scanner/ Add your private Shodan API to scan.py python3 scan.py

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can s…

CVE-2021-41773-exercise A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can

Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️

CVE-2021-41773 Essay 🕸️ Description 🖼️ This repository contains an essay about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49. This was created for a course from Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, namely "Cyberdefences and Cyberintelligence". Folders Structure 📁 The folder structure is

Vulnerable Docker image for academic purposes with Apache 2.4.49.

vulnerable_docker_apache_2_4_49 Repository for academic purposes. Docker image for exploiting the CVE-2021-41773 vulnerability. For more information: github.com/BlueTeamSteve/CVE-2021-41773 Credits to: github.com/BlueTeamSteve DockerHub Link: hub.docker.com/r/m96dg/pw_apache_2_4_49

Poc.py

POC CVE-2021-41773 PoC to test the CVE-2021-41773 vulnerability in the Apache httpd 2.4.49 service. POC Open your favorite Terminal and run these commands. First Tab: wget raw.githubusercontent.com/TishcaTpx/POC-CVE-2021-41773/main/poc.py Second Tab: python3 poc.py exampledomain.com

School project - Please use other repos for actual testing

CVE-2021-41773-exploiter School project - Please use other repos for actual testing

CVE-2021-41773, poc, exploit

Usage file ip-ports.txt: 1.1.1.1:80 node CVE-2021-41773.js ip-ports.txt

Poc CVE-2021-41773 - Apache 2.4.49 with CGI enabled

CVE-2021-41773 Poc CVE-2021-41773 - Apache 2.4.49 with CGI enabled Usage : chmod -x CVE-2021-41773.sh ./CVE-2021-41773.sh ip:port/ /etc/passwd References nvd.nist.gov/vuln/detail/CVE-2021-41773 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773

Mitigation/fix of CVE-2021-41773 A Path Traversal And File Disclosure Vulnerability In Apache

Mitigation-CVE-2021-41773- Shell Script to mitigate CVE-2021-41773 A Path Traversal And File Disclosure Vulnerability In Apache. Installation wget github.com/EkamSinghWalia/Mitigation-CVE-2021-41773-.git Usage Complete fix and suggested way to mitigate the vulnerability. This script will upgrade and update system repo and apache bas

Environment Setup Docker Desktop Docker is a platform for building, running and managing software containers. Containers are lightweight, standalone units of software that contain everything needed to run an application, including code, libraries, dependencies and configuration files. John the Ripper | Hashcat Hash from the Server This is

Script to detect vulnerabilities with nmap

nmap Collection of simple NSE scripts for nmap, to detect Path Traversal and other vulnerabilities git clone github.com/hackingyseguridad/nmap/ cp cve-2021-41773.nse /usr/share/nmap/scripts/ Usage: For example: nmap -Pn -p80,443 -sVC --script=cve-2021-41773.nse

CVE-2021-41773 Proof of Concept Quick and dirty proof of concept for checking if hosts vulnerable to CVE-2021-41773 python3 full.py hosts.txt Where hosts.txt contains your targets: domain.com blah.com 192.168.1.1 It'll print out if the host is vulnerable or not vulnerable. Python version of bas

php Thinkphp Apache CVE-2021-41773 oa landray_oa (Landray OA) unauthenticated arbitrary file read seeyon_oa (Seeyon OA) yonyou (Yonyou) Yonyou NC BeanShell RCE php Thinkphp Apache CVE-2021-41773 Affected versions: Apache HTTP SERVER 2.4.49 References oa landray_oa (Landray OA) unauthenticated arbitrary file read seeyon_oa (Seeyon OA) yonyou (Yonyou) Yonyou NC BeanShell RCE Affected versions: Yonyou NC6.5 References

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. This script tests Apache HTTP Server 2.4.49. Usage: CVE-2021-41773.py options Only for one IP: python CVE-2021-41773.py IP_address Option -f For IP list in file Example: python CVE-2021-41773.py -f IP_address_list_filename Option -s For IP subnet Example: python CVE-2021-41773.py -s 192

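Self-developed security tools in Go

Self-developed security tools in Go. This project records some small security-related tools I have developed in Go. The author will not add any form of backdoor to the programs, and the programs will not cause any damage to the system. However, the tools are only suitable for self-inspection by the owning party or for testing by a contracted party with authorization. Please feel free to use them, at your own risk. I am not very skilled and the code is poorly written; all programs

Exploit for Apache 2.4.49

CVE-2021-41773 This is my first time trying to make an exploit for something so be nice 😁 [*] Exploit Title: Apache HTTP Server 2.4.49 Path Traversal [*] Author: 0xRar , 0xrar.net [*] CVE: CVE-2021-41773 [*] Version: Apache 2.4.49 [*] Not Tested Yet Help Command: python3 exploit.py -h

Apache path traversal PoC & exploit written in Python

CVE-2021-41773 PoC & exploit project in Python. Disclaimer: this project comes from the author's everyday study notes. Do not use the related techniques and tools for illegal testing; the author bears no responsibility for any adverse consequences arising from this. Usage: python main.py -h show help python main.py -u exploit the vulnerability python main.py -f url.txt batch-test whether the vulnerability exists python main.py -f url.txt -o b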

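Apache path traversal vulnerability PoC & exploit

CVE-2021-41773 PoC & exploit project in Go. Disclaimer: this project comes from the author's everyday study notes. Do not use the related techniques and tools for illegal testing; the author bears no responsibility for any adverse consequences arising from this. Usage: ./main -u <url> single URL ./main -u <url> -c <command> run a single command against a single URL ./main -f <file>

Detects/exploits the directory traversal / command execution vulnerabilities in Apache 2.4.49 and 2.4.50. Usage: Vulnerability detection: python3 CVE-2021-41773-42013.py -u url Read a file: python3 CVE-2021-41773-42013.py -u url -m read -f filepath Execute a command: python3 CVE-2021-41773-42013.py -u url -m exec -c command -s shell (default /bin/sh)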

POC

CVE-2021-41773 POC

CVE-2021-41773 Path Traversal for Apache 2.4.49 ubuntu.com/security/CVE-2021-41773 Affected base (time: 22:49 06/10/2021) Usage # IP python3 CVE-2021-41773.py -i 10.10.10.10 -s # List of ips python3 CVE-2021-41773.py -l /home/ac1d/Documents/code/python/CVE-2021-41773/ips.txt -s Screenshot Check for Apache Version user@server2

CVE-2021-41773 playground

CVE-2021-41773 Playground This is a small Docker recipe for setting up a Debian bookworm based container with an instance of the Apache HTTPd (2.4.49) that is vulnerable to CVE-2021-41773. CGI has been explicitly enabled so it can be used to test/verify Local file Disclosure behavior as well as Remote Command Execution behavior. Usage $ docker-compose build && d

LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50

LFI-RCE-Unauthenticated-Apache-2449-2450 LFI / RCE Unauthenticated - Apache 2.4.49 & 2.4.50 Explanation: Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable, and extensible via a simple API. It was discovered that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 is insufficient. An atta

CVE-2021-41773

Path Traversal and RCE in Apache HTTP Server 2.4.49

CVE-2021-41773 Quick proof of concept. The script checks for LFI and RCE in Apache 2.4.49; you can test a single target or a list. Make sure you specify HTTP or HTTPS for a single target. Test only if you're authorized, be smart. Example usage: python3 cve2021-41773.py -target DOMAIN/IP -protocol HTTP/HTTPS -file domain_list.txt

The first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49.

These Metasploit, Nmap, Python and Ruby scripts detect and exploit CVE-2021-41773 with RCE and local file disclosure.

CVE-2021-41773 Description: This script exploits CVE-2021-41773 to print file or/and execute command. This script is available for: Nmap Python Ruby Requirements Python python3 python3 Standard Library Ruby Ruby Ruby Standard Library Install git clone github.com/mauricelambert/CVE-2021-41773.git cd CVE-2021-41773 # Python pip install -r requirements.txt

Small PoC of CVE-2021-41773

CVE-2021-41773 Small PoC of CVE-2021-41773 Usage Set target in script Run Reference Exploit on ExploitDB THM Room

Cybersecurity Assignment

CyberSecurityTaak-El-Jari This repository is for the Cybersecurity & Virtualisation course at [HoGent] (hogent.be). Content: On the 5th of October 2021, a CVE detailing a path traversal attack on Apache HTTP Server 2.4.49 was released. Assigned the number CVE-2021-41773, it was released with the following description: A flaw was found in a change made to path nor

Setup vulnerable environment

CVE-2021-41773 Setup vulnerable environment

CVE-2021-41773

target/cgi-bin/%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts

id: CVE-2021-41773
info:
  name: Apache 2.4.49 Exploit
  author: numanturle
  severity: high
requests:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts"
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "127.0.0.1"

CVE-2021-41773-RCE

CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49-2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of int

CVE-2021-41773 CVE-2021-41773 POC with Docker. Configuration: To customize the httpd.conf file, change line 251 in the <Directory /> section from Require all denied to Require all granted: <Directory /> AllowOverride none Require all granted </Directory> Create a Dockerfile in your project F

Apache HTTPd (2.4.49) – Local File Disclosure (LFI)

CVE-2021-41773 Playground. This is a small Docker recipe for setting up a Debian bookworm based container with an instance of the Apache HTTPd (2.4.49) that is vulnerable to CVE-2021-41773. CGI has been explicitly enabled so it can be used to test/verify Local file Disclosure behavior as well as Remote Command Execution behavior. Usage: $ docker-compose build && d

Apache 2.4.49

CVE-2021-41773 Path Traversal for Apache 2.4.49 Affected base (time: 22:49 06/10/2021) Usage # IP python3 CVE-2021-41773.py -i 10101010 -s # List of ips python3 CVE-2021-41773.py -l /home/ac1d/Documents/code/python/CVE-2021-41773/ips.txt -s Screenshot

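CVE-2021-41773_Exploit 110-1 Network and System Security, Group 16: Computer Science and Information Engineering, year 3, 108590029 朱欣雨; Computer Science and Information Engineering, year 3, 108590050 李浩銘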

POC-CVE-2021-41773 On the 5th of October 2021, a CVE detailing a path traversal attack on Apache HTTP Server v2.4.49 was released. Assigned the number CVE-2021-41773, it was released with the following description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the

Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49.

CVE-2021-41773 Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49

CVE-2021-41773 apache version 2.4.49 simple poc. How to use script: chmod +x apache.sh ./apache.sh <file_tagret> example: ./apache.sh 127.0.0.1 etc/passwd

Simple script written in bash for checking multiple hosts for CVE-2021-41773 (Apache)

Simple CVE-2021-41773 checker. Simple script written in bash for checking multiple hosts for CVE-2021-41773 (Apache). [+] Usage: ./CVE-2021-41773.sh hosts.txt

Simple honeypot for CVE-2021-41773 vulnerability

CVE-2021-41773_Honeypot lopqto.me/posts/building-highly-interactive-honeypots

GitHub profile README, leveraging GitPortfolio

Organisations Currently, I'm a member of 4 organisations on GitHub Systems Lab (systemscspubro) Canonical MutableSecurity OpenCRS Repositories At the moment, my attention is on 15 repositories Identifier Description Tags Metadata iosifache/cookiecutter-minimal-python Cookiecutter template for creating Python 3 pro #development iosifache/ct

Recent Articles

Brewdog might make an OK pint but its security sucks: Flaw opened door to free beers for anyone
The Register • Iain Thomson in San Francisco • 11 Oct 2021

Plus two failings this week at Apache and Twitch and nostalgia for Flash fans

In brief Hipster beer maker Brewdog has been caught out by a basic, but potentially very expensive, security problem, and the team that discovered it says the Scottish tipple-merchant's response was hardly encouraging.
Research by security shop Pen Test Partners found that the Brewdog mobile app used the same hard-coded API Bearer Token to log in every single customer on their mobiles. This would allow anyone to access and use other people's accounts, including 200,000 "Equity for Punks" s...

Running a recent Apache web server version? You probably need to patch it. Now
The Register • Richard Speed • 06 Oct 2021

Unless you want to leak like a sieve

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.
Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great. The latter, a path traversal and file disclosure flaw, is particularly problematic.
The former was reported to Apache's security team on 17 September and can be exploited by an external source to DoS a server ...

FBI: Beware of thieves building Androxgh0st botnets using stolen creds
The Register

Infecting networks via years-old CVEs that should have been patched by now

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
In a joint warning issued on Tuesday, the US government agencies said the Python-scripted malware primarily targets .env files that contain user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. After scanning and exploiting these stolen credentials, Androxgh0st can al...

References

CWE-22
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/10/05/2
http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
http://www.openwall.com/lists/oss-security/2021/10/07/1
http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2021/10/07/6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
http://www.openwall.com/lists/oss-security/2021/10/08/1
http://www.openwall.com/lists/oss-security/2021/10/08/2
http://www.openwall.com/lists/oss-security/2021/10/08/4
http://www.openwall.com/lists/oss-security/2021/10/08/3
http://www.openwall.com/lists/oss-security/2021/10/08/6
http://www.openwall.com/lists/oss-security/2021/10/08/5
http://www.openwall.com/lists/oss-security/2021/10/09/1
http://www.openwall.com/lists/oss-security/2021/10/11/4
http://www.openwall.com/lists/oss-security/2021/10/15/3
http://www.openwall.com/lists/oss-security/2021/10/16/1
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
https://security.netapp.com/advisory/ntap-20211029-0009/
http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.gentoo.org/glsa/202208-20
https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
https://nvd.nist.gov
https://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
https://github.com/b1tsec/CVE-2021-41773